Update to IBM MQ version 9.1.1.0 (#251)

* Update to MQ v9.1.1

* update incubating to 911

* check docker version on travis

* travis docker version is now high enough

.gitignore

@@ -7,3 +7,8 @@ build
 coverage
 downloads
 incubating/mqipt/ms81*
+vendor/github.com/prometheus/client_model/bin/
+vendor/github.com/prometheus/client_model/.classpath
+vendor/github.com/prometheus/client_model/.project
+vendor/github.com/prometheus/client_model/.settings*
+gosec_results.json

.travis.yml

@@ -29,8 +29,7 @@ cache:
 
 env:
   - BASE_IMAGE=ubuntu:16.04
-# Commented out temporarily until Issue 166 is resolved
+  - BASE_IMAGE=centos:latest
-#  - BASE_IMAGE=centos:latest
 
 jobs:
   include:
@@ -46,24 +45,29 @@ jobs:
     - env: DOCKER_DOWNGRADE="echo nothing to be done"
 
 before_install:
-  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
+  - ./install-build-deps-ubuntu.sh
-  - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
-  - sudo apt-get update
-  - sudo apt-get -y install docker-ce
-  - curl https://glide.sh/get | sh
-  - sudo curl -Lo /usr/local/bin/dep https://github.com/golang/dep/releases/download/v0.4.1/dep-linux-amd64
-  - sudo chmod +x /usr/local/bin/dep
 
 install:
   - echo nothing
 
-script:
+before_script:
+  - echo 'Downloading Go dependencies...' && echo -en 'travis_fold:start:deps\\r'
   - make deps
+  - echo -en 'travis_fold:end:deps\\r'
+  - echo 'Building Developer image...' && echo -en 'travis_fold:start:build-devserver\\r'
   - make build-devserver
+  - echo -en 'travis_fold:end:build-devserver\\r'
+  - echo 'Building Developer JMS test image...' && echo -en 'travis_fold:start:build-devjmstest\\r'
   - make build-devjmstest
+  - echo -en 'travis_fold:end:build-devjmstest\\r'
+
+script:
+  - echo 'Downgrading Docker (if necessary)...' && echo -en 'travis_fold:start:docker-downgrade\\r'
   - eval "$DOCKER_DOWNGRADE"
+  - echo -en 'travis_fold:end:docker-downgrade\\r'
+  - echo 'Testing Developer image...' && echo -en 'travis_fold:start:test-devserver\\r'
   - make test-devserver
+  - echo -en 'travis_fold:end:test-devserver\\r'
 
 after_success:
-  - go get golang.org/x/lint/golint
   - make lint

CHANGELOG.md

@@ -1,5 +1,21 @@
 # Change log
 
+## 9.1.1.0 (2018-11-30)
+
+* Updated to MQ version 9.1.1.0
+* Created seperate RedHat Makefile for building images on RedHat machines with buildah
+* Enabled REST messaging capability for app user.
+* Added support for container suplimentary groups
+* Removed IBM MQ version 9.0.5 details.
+* Added additional Diagnostics ([#203](https://github.com/ibm-messaging/mq-container/pull/203))
+* Implementted GOSec to perform code scans for security vulnerabilities. (([#227](https://github.com/ibm-messaging/mq-container/pull/227)))
+* Removed Queue manager create option from the MQ Console.
+* Fixes for the following issues:
+    * Check explicitly for `/mnt/mqm` ([#175](https://github.com/ibm-messaging/mq-container/pull/175))
+    * Force string output in chkmqhealthy ([#174](https://github.com/ibm-messaging/mq-container/pull/174))
+    * Use -aG not -G when adding a group for a user
+    * Security fixes for libsystemd0 systemd systemd-sysv & libudev1
+
 ## 9.1.0.0 (2018-07-23)
 
 * Updated to MQ version 9.1.0.0

Dockerfile-server

@@ -13,7 +13,7 @@
 # limitations under the License.
 
 ARG BASE_IMAGE=ubuntu:16.04
-ARG BUILDER_IMAGE=mq-golang-sdk:9.0.5.0-x86_64-ubuntu-16.04
+ARG BUILDER_IMAGE=mq-golang-sdk:9.1.1.0-x86_64-ubuntu-16.04
 
 ###############################################################################
 # Build stage to build Go code

Makefile

@@ -17,66 +17,54 @@
 ###############################################################################
 GO_PKG_DIRS = ./cmd ./internal ./test
 
-BASE_OS = $(shell cat /etc/*-release | grep ID=)
+# Set variable if running on a Red Hat Enterprise Linux host
-ifeq "$(findstring ubuntu,$(BASE_OS))" "ubuntu"
+ifneq ($(wildcard /etc/redhat-release),)
-	BASE_OS=UBUNTU
+REDHAT_RELEASE = $(shell cat /etc/redhat-release)
-else ifeq "$(findstring rhel,$(BASE_OS))" "rhel"
+ifeq "$(findstring Red Hat,$(REDHAT_RELEASE))" "Red Hat"
-	BASE_OS=RHEL
+    RHEL_HOST = "true"
-else
+endif
-	BASE_OS=UNKNOWN
 endif
-
-
 
 ###############################################################################
 # Build targets
 ###############################################################################
 
-# default to building UBUNTU as this was the default for the previous Makefile
+# Targets default to a RHEL image on a RHEL host, or an Ubuntu image everywhere else
+
 .PHONY: build-devserver
-ifeq ($(BASE_OS),UBUNTU)
+ifdef RHEL_HOST
-build-devserver: build-devserver-ubuntu
-else ifeq ($(BASE_OS),RHEL)
 build-devserver: build-devserver-rhel
 else
-build-devserver: unknownos
+build-devserver: build-devserver-ubuntu
 endif
 
 .PHONY: build-advancedserver
-ifeq ($(BASE_OS),UBUNTU)
+ifdef RHEL_HOST
-build-advancedserver: build-advancedserver-ubuntu
-else ifeq ($(BASE_OS),RHEL)
 build-advancedserver: build-advancedserver-rhel
 else
-build-advancedserver: unknownos
+build-advancedserver: build-advancedserver-ubuntu
 endif
 
 
 .PHONY: test-devserver
-ifeq ($(BASE_OS),UBUNTU)
+ifdef RHEL_HOST
-test-devserver: test-devserver-ubuntu
-else ifeq ($(BASE_OS),RHEL)
 test-devserver: test-devserver-rhel
 else
-test-devserver: unknownos
+test-devserver: test-devserver-ubuntu
 endif
 
 .PHONY: test-advancedserver
-ifeq ($(BASE_OS),UBUNTU)
+ifdef RHEL_HOST
-test-advancedserver: test-advancedserver-ubuntu
-else ifeq ($(BASE_OS),RHEL)
 test-advancedserver: test-advancedserver-rhel
 else
-test-advancedserver: unknownos
+test-advancedserver: test-advancedserver-ubuntu
 endif
 
 .PHONY: build-devjmstest
-ifeq ($(BASE_OS),UBUNTU)
+ifdef RHEL_HOST
-build-devjmstest: build-devjmstest-ubuntu
-else ifeq ($(BASE_OS),RHEL)
 build-devjmstest: build-devjmstest-rhel
 else
-build-devjmstest: unknownos
+build-devjmstest: build-devjmstest-ubuntu
 endif
 
 # UBUNTU building targets
@@ -153,6 +141,32 @@ lint: $(addsuffix /$(wildcard *.go), $(GO_PKG_DIRS))
 	@# As of 11/04/2018 there is an open issue to fix it: https://github.com/golang/lint/issues/320
 	golint -set_exit_status $(sort $(dir $(wildcard $(addsuffix /*/*.go, $(GO_PKG_DIRS)))))
 
+.PHONY: gosec
+gosec: $(info $(SPACER)$(shell printf "Running gosec test"$(END))) 
+	@gosec -fmt=json -out=gosec_results.json cmd/... internal/... 2> /dev/null ;\
+	cat "gosec_results.json" ;\
+	cat gosec_results.json | grep HIGH | grep severity > /dev/null ;\
+	if [ $$? -eq 0 ]; then \
+		printf "\nFAILURE: gosec found files containing HIGH severity issues - see results.json\n" ;\
+		exit 1 ;\
+	else \
+		printf "\ngosec found no HIGH severity issues\n" ;\
+	fi ;\
+	cat gosec_results.json | grep MEDIUM | grep severity > /dev/null ;\
+	if [ $$? -eq 0 ]; then \
+		printf "\nFAILURE: gosec found files containing MEDIUM severity issues - see results.json\n" ;\
+		exit 1 ;\
+	else \
+		printf "\ngosec found no MEDIUM severity issues\n" ;\
+	fi ;\
+	cat gosec_results.json | grep LOW | grep severity > /dev/null;\
+	if [ $$? -eq 0 ]; then \
+		printf "\nFAILURE: gosec found files containing LOW severity issues - see results.json\n" ;\
+		exit 1;\
+	else \
+		printf "\ngosec found no LOW severity issues\n" ;\
+fi ;\
+
 .PHONY: unknownos
 unknownos:
 	$(info $(SPACER)$(shell printf "ERROR: Unknown OS ("$(BASE_OS)") please run specific make targets"$(END)))

Makefile-RHEL

@@ -19,7 +19,7 @@
 # BASE_IMAGE is the base image to use for MQ, for example "ubuntu" or "rhel"
 BASE_IMAGE ?= rhel
 # MQ_VERSION is the fully qualified MQ version number to build
-MQ_VERSION ?= 9.1.0.0
+MQ_VERSION ?= 9.1.1.0
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
 # be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
 # Does not apply to MQ Advanced for Developers.
@@ -32,9 +32,9 @@ MQ_SDK_ARCHIVE ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION))
 # Options to `go test` for the Docker tests
 TEST_OPTS_DOCKER ?=
 # MQ_IMAGE_ADVANCEDSERVER is the name and tag of the built MQ Advanced image
-MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
+MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server:$(MQ_VERSION)-RHEL-$(ARCH)
 # MQ_IMAGE_DEVSERVER is the name and tag of the built MQ Advanced for Developers image
-MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
+MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev:$(MQ_VERSION)-RHEL-$(ARCH)
 # MQ_IMAGE_SDK is the name and tag of the built MQ Advanced for Developers SDK image
 MQ_IMAGE_SDK ?=mq-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
 # MQ_IMAGE_GOLANG_SDK is the name and tag of the built MQ Advanced for Developers SDK image, plus Go tools
@@ -78,22 +78,52 @@ endif
 # Archive names for IBM MQ Advanced for Developers
 MQ_ARCHIVE_DEV_9.0.5.0=mqadv_dev905_linux_x86-64.tar.gz
 MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_linux_$(MQ_DEV_ARCH).tar.gz
+MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev910_linux_$(MQ_DEV_ARCH).tar.gz
 
 ###############################################################################
 # Build targets
 ###############################################################################
+.PHONY: vars
+vars:
+#ifeq "$(findstring ubuntu,$(BASE_IMAGE))","ubuntu"
+	@echo $(MQ_ARCHIVE_ARCH)
+	@echo $(MQ_ARCHIVE_TYPE)
+	@echo $(MQ_ARCHIVE)
 
-# Vendor Go dependencies for the Docker tests
+.PHONY: default
-test/docker/vendor:
+default: build-devserver test-devserver
-	cd test/docker && dep ensure -vendor-only
+
+# Build all components (except incubating ones)
+.PHONY: all
+all: build-devserver build-advancedserver
+
+.PHONY: test-all
+test-all: build-devjmstest test-devserver test-advancedserver
+
+.PHONY: devserver
+devserver: build-devserver build-devjmstest test-devserver
+
+# Build incubating components
+.PHONY: incubating
+incubating: build-explorer
 
 downloads/$(MQ_ARCHIVE_DEV):
 	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
 	mkdir -p downloads
 	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV)
 
+downloads/$(MQ_SDK_ARCHIVE):
+	$(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END)))
+	mkdir -p downloads
+	cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_SDK_ARCHIVE)
+
 .PHONY: downloads
-downloads: downloads/$(MQ_ARCHIVE_DEV)
+downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE)
+
+# Vendor Go dependencies for the Docker tests
+test/docker/vendor:
+	cd test/docker && dep ensure -vendor-only
+
 
 .PHONY: check-prereqs
 check-prereqs:
@@ -111,7 +141,7 @@ check-prereqs:
 .PHONY: test-advancedserver
 test-advancedserver: check-test-prereqs test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) on $(shell docker --version)"$(END)))
-	buildah push $(MQ_IMAGE_ADVANCEDSERVER) docker-daemon:$(MQ_IMAGE_ADVANCEDSERVER)
+	sudo buildah push $(MQ_IMAGE_ADVANCEDSERVER) docker-daemon:$(MQ_IMAGE_ADVANCEDSERVER)
 	docker tag docker.io/$(MQ_IMAGE_ADVANCEDSERVER) $(MQ_IMAGE_ADVANCEDSERVER)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) EXPECTED_LICENSE=Production go test $(TEST_OPTS_DOCKER)
 
@@ -119,44 +149,49 @@ test-advancedserver: check-test-prereqs test/docker/vendor
 .PHONY: test-devserver
 test-devserver: check-test-prereqs test/docker/vendor
 	$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER) on $(shell docker --version)"$(END)))
-	buildah push $(MQ_IMAGE_DEVSERVER) docker-daemon:$(MQ_IMAGE_DEVSERVER)
+	sudo buildah push $(MQ_IMAGE_DEVSERVER) docker-daemon:$(MQ_IMAGE_DEVSERVER)
 	docker tag docker.io/$(MQ_IMAGE_DEVSERVER) $(MQ_IMAGE_DEVSERVER)
 	cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) go test -tags mqdev $(TEST_OPTS_DOCKER)
 
 
 .PHONY: build-advancedserver
 build-advancedserver: MQ_SDK_ARCHIVE=$(MQ_ARCHIVE)
-build-advancedserver: check-prereqs downloads/$(MQ_ARCHIVE) build-go-programs
+build-advancedserver: check-prereqs downloads/$(MQ_ARCHIVE) build-go-programs-ex
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER)"$(END)))
-	mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_ADVANCEDSERVER)" "$(MQ_VERSION)" "$(MQDEV)"
+	sudo mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_ADVANCEDSERVER)" "$(MQ_VERSION)" "$(MQDEV)"
 
 
 .PHONY: build-devserver
 build-devserver: MQ_SDK_ARCHIVE=$(MQ_ARCHIVE_DEV)
 build-devserver: MQDEV=TRUE
 build-devserver: MQ_PACKAGES=MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm MQSeriesWeb-*.rpm
-build-devserver: check-prereqs downloads/$(MQ_ARCHIVE_DEV) build-go-programs
+build-devserver: check-prereqs downloads/$(MQ_ARCHIVE_DEV) build-go-programs-ex
 	$(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER)"$(END)))
-	mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE_DEV)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_VERSION)" "$(MQDEV)"
+	sudo mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE_DEV)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_VERSION)" "$(MQDEV)"
-	mq-advanced-server-rhel/mqdev-buildah.sh "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_IMAGE_DEVSERVER)" "$(MQ_VERSION)"
+	sudo mq-advanced-server-rhel/mqdev-buildah.sh "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_IMAGE_DEVSERVER)" "$(MQ_VERSION)"
 
 
 .PHONY: build-mqgolang-sdk
-build-mqgolang-sdk: check-prereqs downloads/$(MQ_SDK_ARCHIVE)
+build-mqgolang-sdk: check-prereqs downloads/$(MQ_SDK_ARCHIVE) build-mqgolang-sdk-ex
-	$(info $(SPACER)$(shell printf $(TITLE)"Build mq-golang SDK"$(END)))
-	mq-advanced-server-rhel/mq-golang-sdk-buildah.sh "$(MQ_SDK_ARCHIVE)" "$(MQ_IMAGE_GOLANG_SDK)"
 
+.PHONY: build-mqgolang-sdk-ex
+build-mqgolang-sdk-ex: 
+	$(info $(SPACER)$(shell printf $(TITLE)"Build mq-golang SDK"$(END)))
+	sudo mq-advanced-server-rhel/mq-golang-sdk-buildah.sh "$(MQ_SDK_ARCHIVE)" "$(MQ_IMAGE_GOLANG_SDK)"
 
 .PHONY: build-go-programs
-build-go-programs: check-prereqs build-mqgolang-sdk
+build-go-programs: check-prereqs downloads/$(MQ_SDK_ARCHIVE) build-go-programs-ex
+
+.PHONY: build-go-programs-ex
+build-go-programs-ex: build-mqgolang-sdk-ex
 	$(info $(SPACER)$(shell printf $(TITLE)"Build go programs"$(END)))
-	IMAGE_REVISION=$(IMAGE_REVISION) IMAGE_SOURCE=$(IMAGE_SOURCE) mq-advanced-server-rhel/go-buildah.sh "$(MQ_IMAGE_GOLANG_SDK)" "$(MQDEV)"
+	IMAGE_REVISION=$(IMAGE_REVISION) IMAGE_SOURCE=$(IMAGE_SOURCE) sudo mq-advanced-server-rhel/go-buildah.sh "$(MQ_IMAGE_GOLANG_SDK)" "$(MQDEV)"
 
 .PHONY: build-devjmstest
 build-devjmstest: check-test-prereqs
 	$(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END)))
-	cd test/messaging && ./buildah.sh $(DEV_JMS_IMAGE)
+	cd test/messaging && sudo ./buildah.sh $(DEV_JMS_IMAGE)
-	buildah push $(DEV_JMS_IMAGE) docker-daemon:$(DEV_JMS_IMAGE)
+	sudo buildah push $(DEV_JMS_IMAGE) docker-daemon:$(DEV_JMS_IMAGE)
 	docker tag docker.io/$(DEV_JMS_IMAGE) $(DEV_JMS_IMAGE)
 
 include formatting.mk

Makefile-UBUNTU

@@ -19,7 +19,7 @@
 # BASE_IMAGE is the base image to use for MQ, for example "ubuntu" or "rhel"
 BASE_IMAGE ?= ubuntu:16.04
 # MQ_VERSION is the fully qualified MQ version number to build
-MQ_VERSION ?= 9.1.0.0
+MQ_VERSION ?= 9.1.1.0
 # MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can
 # be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture
 # Does not apply to MQ Advanced for Developers.
@@ -91,6 +91,7 @@ endif
 # Archive names for IBM MQ Advanced for Developers
 MQ_ARCHIVE_DEV_9.0.5.0=mqadv_dev905_$(MQ_ARCHIVE_DEV_PLATFORM)_x86-64.tar.gz
 MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
+MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz
 
 ###############################################################################
 # Build targets

README.md

@@ -47,7 +47,7 @@ The Dockerfiles and associated code and scripts are licensed under the [Apache L
 Licenses for the products installed within the images are as follows:
 
 - [IBM MQ Advanced for Developers](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-AVCJ4S) (International License Agreement for Non-Warranted Programs). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
-- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-AV6GV5) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
+- [IBM MQ Advanced](http://www14.software.ibm.com/cgi-bin/weblap/lap.pl?la_formnum=Z125-3301-14&li_formnum=L-APIG-AZYF4X) (International Program License Agreement). This license may be viewed from an image using the `LICENSE=view` environment variable as described above or by following the link above.
 - License information for Ubuntu packages may be found in `/usr/share/doc/${package}/copyright`
 
 Note: The IBM MQ Advanced for Developers license does not permit further distribution and the terms restrict usage to a developer machine.

cmd/chkmqhealthy/main.go

@@ -32,6 +32,7 @@ func queueManagerHealthy() (bool, error) {
 		return false, err
 	}
 	// Specify the queue manager name, just in case someone's created a second queue manager
+	// #nosec G204
 	cmd := exec.Command("dspmq", "-n", "-m", name)
 	// Run the command and wait for completion
 	out, err := cmd.CombinedOutput()

cmd/chkmqready/main.go

@@ -37,5 +37,8 @@ func main() {
 		fmt.Println(err)
 		os.Exit(1)
 	}
-	conn.Close()
+	err = conn.Close()
+	if err != nil {
+		fmt.Println(err)
+	}
 }

cmd/runmqdevserver/keystore.go

@@ -65,11 +65,27 @@ func (ks *KeyStore) Create() error {
 			stashFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".sth"
 			rdbFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".rdb"
 			crlFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".crl"
-			os.Remove(stashFile)
+			err = os.Remove(stashFile)
-			os.Remove(rdbFile)
+			if err != nil {
-			os.Remove(crlFile)
+				log.Errorf("Error removing %s: %v", stashFile, err)
+				return err
+			}
+			err = os.Remove(rdbFile)
+			if err != nil {
+				log.Errorf("Error removing %s: %v", rdbFile, err)
+				return err
+			}
+			err = os.Remove(crlFile)
+			if err != nil {
+				log.Errorf("Error removing %s: %v", crlFile, err)
+				return err
+			}
+		}
+		err = os.Remove(ks.Filename)
+		if err != nil {
+			log.Errorf("Error removing %s: %v", ks.Filename, err)
+			return err
 		}
-		os.Remove(ks.Filename)
 	} else if !os.IsNotExist(err) {
 		// If the keystore exists but cannot be accessed then return the error
 		return err

cmd/runmqdevserver/main.go

@@ -30,13 +30,17 @@ import (
 var log *logger.Logger
 
 func setPassword(user string, password string) error {
+	// #nosec G204
 	cmd := exec.Command("chpasswd")
 	stdin, err := cmd.StdinPipe()
 	if err != nil {
 		return err
 	}
 	fmt.Fprintf(stdin, "%s:%s", user, password)
-	stdin.Close()
+	err = stdin.Close()
+	if err != nil {
+		log.Errorf("Error closing password stdin: %v", err)
+	}
 	_, _, err = command.RunCmd(cmd)
 	if err != nil {
 		return err
@@ -165,6 +169,10 @@ func main() {
 		osExit(1)
 	} else {
 		// Replace this process with runmqserver
-		syscall.Exec("/usr/local/bin/runmqserver", []string{"runmqserver"}, os.Environ())
+		// #nosec G204
+		err = syscall.Exec("/usr/local/bin/runmqserver", []string{"runmqserver"}, os.Environ())
+		if err != nil {
+			log.Errorf("Error replacing this process with runmqserver: %v", err)
+		}
 	}
 }

cmd/runmqdevserver/mqsc.go

@@ -35,7 +35,14 @@ func updateMQSC(appPasswordRequired bool) error {
 			return err
 		}
 	} else {
-		os.Remove(mqsc)
+		_, err := os.Stat(mqsc)
+		if !os.IsNotExist(err) {
+			err = os.Remove(mqsc)
+			if err != nil {
+				log.Errorf("Error removing file %s: %v", mqsc, err)
+				return err
+			}
+		}
 	}
 	return nil
 }

cmd/runmqdevserver/template.go

@@ -36,7 +36,11 @@ func processTemplateFile(templateFile, destFile string, data interface{}) error
 	_, err = os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
-			os.MkdirAll(dir, 0660)
+			err = os.MkdirAll(dir, 0660)
+			if err != nil {
+				log.Error(err)
+				return err
+			}
 			mqmUID, mqmGID, err := command.LookupMQM()
 			if err != nil {
 				log.Error(err)
@@ -51,6 +55,7 @@ func processTemplateFile(templateFile, destFile string, data interface{}) error
 			return err
 		}
 	}
+	// #nosec G302
 	f, err := os.OpenFile(destFile, os.O_CREATE|os.O_WRONLY, 0660)
 	defer f.Close()
 	err = t.Execute(f, data)

cmd/runmqdevserver/tls.go

@@ -85,6 +85,7 @@ func configureTLS(qmName string, inputFile string, passPhrase string) error {
 	_, err = os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
+			// #nosec G301
 			err = os.MkdirAll(dir, 0770)
 			if err != nil {
 				return err

cmd/runmqserver/crtmqvol.go

@@ -29,6 +29,7 @@ func createVolume(path string) error {
 	fi, err := os.Stat(dataPath)
 	if err != nil {
 		if os.IsNotExist(err) {
+			// #nosec G301
 			err = os.MkdirAll(dataPath, 0755)
 			if err != nil {
 				return err

cmd/runmqserver/license.go

@@ -78,6 +78,7 @@ func checkLicense() (bool, error) {
 		return true, nil
 	case ok && lic == "view":
 		file := filepath.Join("/opt/mqm/licenses", resolveLicenseFile())
+		// #nosec G304
 		buf, err := ioutil.ReadFile(file)
 		if err != nil {
 			log.Println(err)

cmd/runmqserver/logging.go

@@ -33,7 +33,7 @@ import (
 // var debug = false
 var log *logger.Logger
 
-var collectDiagOnFail bool = false
+var collectDiagOnFail = false
 
 func logTerminationf(format string, args ...interface{}) {
 	logTermination(fmt.Sprintf(format, args))
@@ -108,8 +108,12 @@ func configureLogger(name string) (mirrorFunc, error) {
 		return func(msg string) {
 			// Parse the JSON message, and print a simplified version
 			var obj map[string]interface{}
-			json.Unmarshal([]byte(msg), &obj)
+			err := json.Unmarshal([]byte(msg), &obj)
-			fmt.Printf(formatSimple(obj["ibm_datetime"].(string), obj["message"].(string)))
+			if err != nil {
+				fmt.Printf("Failed to Unmarshall JSON - %v", err)
+			} else {
+				fmt.Printf(formatSimple(obj["ibm_datetime"].(string), obj["message"].(string)))
+			}
 		}, nil
 	default:
 		log, err = logger.NewLogger(os.Stdout, d, false, name)
@@ -124,20 +128,27 @@ func logDiagnostics() {
 	log.Debug("--- Start Diagnostics ---")
 
 	// show the directory ownership/permissions
+	// #nosec G104
 	out, _, _ := command.Run("ls", "-l", "/mnt/")
 	log.Debugf("/mnt/:\n%s", out)
+	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/mnt/mqm")
 	log.Debugf("/mnt/mqm:\n%s", out)
+	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/mnt/mqm/data")
 	log.Debugf("/mnt/mqm/data:\n%s", out)
+	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/var/mqm")
 	log.Debugf("/var/mqm:\n%s", out)
+	// #nosec G104
 	out, _, _ = command.Run("ls", "-l", "/var/mqm/errors")
 	log.Debugf("/var/mqm/errors:\n%s", out)
 
 	// Print out summary of any FDCs
+	// #nosec G204
 	cmd := exec.Command("/opt/mqm/bin/ffstsummary")
 	cmd.Dir = "/var/mqm/errors"
+	// #nosec G104
 	outB, _ := cmd.CombinedOutput()
 	log.Debugf("ffstsummary:\n%s", string(outB))
 

cmd/runmqserver/main.go

@@ -129,7 +129,11 @@ func doMain() error {
 		logTermination(err)
 		return err
 	}
-	configureQueueManager()
+	err = configureQueueManager()
+	if err != nil {
+		logTermination(err)
+		return err
+	}
 
 	enableMetrics := os.Getenv("MQ_ENABLE_METRICS")
 	if enableMetrics == "true" || enableMetrics == "1" {
@@ -145,7 +149,11 @@ func doMain() error {
 	// Reap zombies now, just in case we've already got some
 	signalControl <- reapNow
 	// Write a file to indicate that chkmqready should now work as normal
-	ready.Set()
+	err = ready.Set()
+	if err != nil {
+		logTermination(err)
+		return err
+	}
 	// Wait for terminate signal
 	<-signalControl
 	return nil

cmd/runmqserver/mirror.go

@@ -139,7 +139,10 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b
 		// Always start at the beginning if we've been told to go from the start
 		if offset != 0 && !fromStart {
 			log.Debugf("Seeking offset %v in file %v", offset, path)
-			f.Seek(offset, 0)
+			_, err = f.Seek(offset, 0)
+			if err != nil {
+				log.Errorf("Unable to return to offset %v: %v", offset, err)
+			}
 		}
 		closing := false
 		for {
@@ -159,7 +162,10 @@ func mirrorLog(ctx context.Context, wg *sync.WaitGroup, path string, fromStart b
 				// could skip all those messages.  This could happen with a very small
 				// MQ error log size.
 				mirrorAvailableMessages(f, mf)
-				f.Close()
+				err = f.Close()
+				if err != nil {
+					log.Errorf("Unable to close mirror file handle: %v", err)
+				}
 				// Re-open file
 				log.Debugf("Re-opening error log file %v", path)
 				f, err = os.OpenFile(path, os.O_RDONLY, 0)

cmd/runmqserver/mqconfig.go

@@ -24,19 +24,20 @@ import (
 	"github.com/genuinetools/amicontained/container"
 )
 
-func logContainerRuntime() error {
+func logContainerRuntime() {
 	r, err := container.DetectRuntime()
 	if err != nil {
-		return err
+		log.Printf("Failed to get container runtime: %v", err)
+		return
 	}
 	log.Printf("Container runtime: %v", r)
-	return nil
 }
 
-func logBaseImage() error {
+func logBaseImage() {
 	buf, err := ioutil.ReadFile("/etc/os-release")
 	if err != nil {
-		return err
+		log.Printf("Failed to read /etc/os-release: %v", err)
+		return
 	}
 	lines := strings.Split(string(buf), "\n")
 	for _, l := range lines {
@@ -44,41 +45,40 @@ func logBaseImage() error {
 			words := strings.Split(l, "\"")
 			if len(words) >= 2 {
 				log.Printf("Base image: %v", words[1])
-				return nil
+				return
 			}
 		}
 	}
-	return nil
 }
 
 // logCapabilities logs the Linux capabilities (e.g. setuid, setgid).  See https://docs.docker.com/engine/reference/run/#runtime-privilege-and-linux-capabilities
-func logCapabilities() error {
+func logCapabilities() {
 	caps, err := container.Capabilities()
 	if err != nil {
-		return err
+		log.Printf("Failed to get container capabilities: %v", err)
+		return
 	}
 	for k, v := range caps {
 		if len(v) > 0 {
 			log.Printf("Capabilities (%s set): %v", strings.ToLower(k), strings.Join(v, ","))
 		}
 	}
-	return nil
 }
 
 // logSeccomp logs the seccomp enforcing mode, which affects which kernel calls can be made
-func logSeccomp() error {
+func logSeccomp() {
 	s, err := container.SeccompEnforcingMode()
 	if err != nil {
-		return err
+		log.Printf("Failed to get container SeccompEnforcingMode: %v", err)
+		return
 	}
 	log.Printf("seccomp enforcing mode: %v", s)
-	return nil
 }
 
 // logSecurityAttributes logs the security attributes of the current process.
 // The security attributes indicate whether AppArmor or SELinux are being used,
 // and what the level of confinement is.
-func logSecurityAttributes() error {
+func logSecurityAttributes() {
 	a, err := readProc("/proc/self/attr/current")
 	// On some systems, if AppArmor or SELinux are not installed, you get an
 	// error when you try and read `/proc/self/attr/current`, even though the
@@ -87,10 +87,10 @@ func logSecurityAttributes() error {
 		a = "none"
 	}
 	log.Printf("Process security attributes: %v", a)
-	return nil
 }
 
 func readProc(filename string) (value string, err error) {
+	// #nosec G304
 	buf, err := ioutil.ReadFile(filename)
 	if err != nil {
 		return "", err

cmd/runmqserver/qmgr.go

@@ -90,6 +90,7 @@ func configureQueueManager() error {
 	for _, file := range files {
 		if strings.HasSuffix(file.Name(), ".mqsc") {
 			abs := filepath.Join(configDir, file.Name())
+			// #nosec G204
 			cmd := exec.Command("runmqsc")
 			stdin, err := cmd.StdinPipe()
 			if err != nil {
@@ -97,6 +98,7 @@ func configureQueueManager() error {
 				return err
 			}
 			// Open the MQSC file for reading
+			// #nosec G304
 			f, err := os.Open(abs)
 			if err != nil {
 				log.Printf("Error opening %v: %v", abs, err)
@@ -104,10 +106,16 @@ func configureQueueManager() error {
 			// Copy the contents to stdin of the runmqsc process
 			_, err = io.Copy(stdin, f)
 			if err != nil {
-				log.Printf("Error reading %v: %v", abs, err)
+				log.Errorf("Error reading %v: %v", abs, err)
+			}
+			err = f.Close()
+			if err != nil {
+				log.Errorf("Failed to close MQSC file handle: %v", err)
+			}
+			err = stdin.Close()
+			if err != nil {
+				log.Errorf("Failed to close MQSC stdin: %v", err)
 			}
-			f.Close()
-			stdin.Close()
 			// Run the command and wait for completion
 			out, err := cmd.CombinedOutput()
 			if err != nil {

cmd/runmqserver/signals.go

@@ -43,7 +43,8 @@ func signalHandler(qmgr string) chan int {
 				log.Printf("Signal received: %v", sig)
 				signal.Stop(reapSignals)
 				signal.Stop(stopSignals)
-				metrics.StopMetricsGathering()
+				metrics.StopMetricsGathering(log)
+				// #nosec G104
 				stopQueueManager(qmgr)
 				// One final reap
 				reapZombies()

docs/building.md

@@ -1,25 +1,46 @@
-# Building a Docker image
+# Building a container image
 
 ## Prerequisites
-You need to ensure you have the following tools installed:
+
+### Prerequisites for building an Ubuntu image
+If you want to build a container image with Ubuntu Linux as the base OS, then you need to have the following tools installed:
+
 * [Docker](https://www.docker.com/) V17.06.1 or later
 * [GNU make](https://www.gnu.org/software/make/)
 
 If you are working in the Windows Subsystem for Linux, follow [this guide by Microsoft to set up Docker](https://blogs.msdn.microsoft.com/commandline/2017/12/08/cross-post-wsl-interoperability-with-docker/) first.
 
+### Prerequisites for building a Red Hat Enterprise Linux image
+If you want to build a container image with Red Hat Enterprise Linux as the base OS, then you need to use a host server with Red Hat Enterprise Linux.  You must also have the following tools installed:
+
+* [`buildah`](https://buildah.io) (available in `rhel-7-server-extras`)
+* [`podman`](https://podman.io) (available in `rhel-7-server-extras`)
+
+In addition, you need the following commonly installed tools:
+
+* `bash`
+* `coreutils`
+* `findutils`
+* `make`
+* `sed`
+* `shadow-utils`
+* `tar`
+
 ## Building a production image
 This procedure works for building the MQ Continuous Delivery release, on `x86_64`, `ppc64le` and `s390x` architectures.
 
 1. Create a `downloads` directory in the root of this repository
-2. Download MQ from IBM Passport Advantage, and place the downloaded file (for example, `IBM_MQ_9.1.0.0_UBUNTU_X86-64.tar.gz` for MQ V9.1.0 for Ubuntu on x86_64 architecture) in the `downloads` directory
+2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.1_UBUNTU_X86-64.tar.gz` for MQ V9.1.1 for Ubuntu on x86_64 architecture) in the `downloads` directory
-2. Run `make build-advancedserver`
+3. Run `make build-advancedserver`
 
 > **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server.  The other package is called "MQ for Ubuntu", and contains DEB files for installing on Ubuntu.
 
+On a Red Hat Enterprise Linux host, the command `make build-advancedserver` will build a container image using Red Hat Enterprise Linux as the base.  On all other hosts, the base image will be Ubuntu.
+
 You can build a different version of MQ by setting the `MQ_VERSION` environment variable, for example:
 
 ```bash
-MQ_VERSION=9.0.5.0 make build-advancedserver
+MQ_VERSION=9.1.0.0 make build-advancedserver
 ```
 
 If you have an MQ archive file with a different file name, you can specify a particular file (which must be in the `downloads` directory).  You should also specify the MQ version, so that the resulting image is tagged correctly, for example:
@@ -29,22 +50,10 @@ MQ_ARCHIVE=mq-1.2.3.4.tar.gz MQ_VERSION=1.2.3.4 make build-advancedserver
 ```
 
 ## Building a developer image
-Run `make build-devserver`, which will download the latest version of MQ Advanced for Developers from IBM developerWorks.  This is currently only available on the `x86_64` architecture.
+Run `make build-devserver`, which will download the latest version of MQ Advanced for Developers from IBM developerWorks.  This is currently only available on the `x86_64` architecture.  On a Red Hat Enterprise Linux host, this command will build a container image using Red Hat Enterprise Linux as the base.  On all other hosts, the base image will be Ubuntu.
 
 You can use the environment variable `MQ_ARCHIVE_DEV` to specify an alternative local file to install from (which must be in the `downloads` directory).
 
-## Building on a different base image
-By default, the MQ images use Ubuntu as the base layer.  You can build using a Red Hat Enterprise Linux compatible base layer by setting the `BASE_IMAGE` environment variable.  For example:
-
-```
-BASE_IMAGE=centos:7 make build-advancedserver
-```
-
-The `make` tool will try and locate the right archive file under the `downloads` directory, based on your platform architecture and your `MQ_VERSION` environment variable, for example `IBM_MQ_9.1.0.0_LINUX_X86_64.tar.gz` for MQ V9.1.0.0 on x86_64.  You can also set the `MQ_ARCHIVE` environment variable to set the specific file name.
-
-Note that if you are using Red Hat Enterprise Linux, you will need to create your own base image layer, with your subscription enabled, as described [here](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux_atomic_host/7/html/getting_started_with_containers/get_started_with_docker_formatted_container_images).  The MQ image build needs to install some additional packages, and a subscription is required to access the Red Hat repositories.
-
-
 ## Installed components
 
-This image includes the core MQ server, Java, language packs, and GSKit.  This can be configured by setting the `MQ_PACKAGES` argument to `make`, or directly as a [Docker build argument](https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables-build-arg).
+This image includes the core MQ server, Java, language packs, and GSKit.  This can be configured by setting the `MQ_PACKAGES` argument to `make`.  For the Ubuntu-based image, you can also directly set a [Docker build argument](https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables-build-arg).

docs/testing.md

@@ -25,7 +25,7 @@ make test-advancedserver
 You can specify the image to use directly by using the `MQ_IMAGE_ADVANCEDSERVER` or `MQ_IMAGE_DEVSERVER` variables, for example:
 
 ```
-MQ_IMAGE_ADVANCEDSERVER=mqadvanced-server:9.1.0.0-x86_64-ubuntu-16.04 make test-advancedserver
+MQ_IMAGE_ADVANCEDSERVER=mqadvanced-server:9.1.1.0-x86_64-ubuntu-16.04 make test-advancedserver
 ```
 
 You can pass parameters to `go test` with an environment variable.  For example, to run the "TestGoldenPath" test, run the following command::
@@ -34,10 +34,10 @@ You can pass parameters to `go test` with an environment variable.  For example,
 TEST_OPTS_DOCKER="-run TestGoldenPath" make test-advancedserver
 ```
 
-You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `mqadvanced-server:9.0.5.0-x86_64-ubuntu-16.04`:
+You can also use the same environment variables you specified when [building](./building), for example, the following will try and test an image called `mqadvanced-server:9.1.0.0-x86_64-ubuntu-16.04`:
 
 ```
-MQ_VERSION=9.0.5.0 make test-advancedserver
+MQ_VERSION=9.1.0.0 make test-advancedserver
 ```
 
 ### Running the Docker tests with code coverage

docs/usage.md

@@ -5,7 +5,7 @@ In order to use the image, it is necessary to accept the terms of the IBM MQ lic
 ## Running with the default configuration
 You can run a queue manager with the default configuration and a listener on port 1414 using the following command.  For example, the following command creates and starts a queue manager called `QM1`, and maps port 1414 on the host to the MQ listener on port 1414 inside the container, as well as port 9443 on the host to the web console on port 9443 inside the container:
 
-```
+```sh
 docker run \
   --env LICENSE=accept \
   --env MQ_QMGR_NAME=QM1 \
@@ -16,15 +16,15 @@ docker run \
 ```
 
 ## Running with the default configuration and a volume
-The above example will not persist any configuration data or messages across container runs.  In order to do this, you need to use a [volume](https://docs.docker.com/engine/admin/volumes/volumes/).  For example, you can create a volume with the following command:
+The above example will not persist any configuration data or messages across container runs.  In order to do this, you need to use a [volume](https://docs.docker.com/storage/volumes/).  For example, you can create a volume with the following command:
 
-```
+```sh
 docker volume create qm1data
 ```
 
 You can then run a queue manager using this volume as follows:
 
-```
+```sh
 docker run \
   --env LICENSE=accept \
   --env MQ_QMGR_NAME=QM1 \
@@ -40,7 +40,7 @@ The Docker image always uses `/mnt/mqm` for MQ data, which is correctly linked f
 ## Running with the default configuration and Prometheus metrics enabled
 You can run a queue manager with [Prometheus](https://prometheus.io) metrics enabled.  The following command will generate Prometheus metrics for your queue manager on `/metrics` port `9157`:
 
-```
+```sh
 docker run \
   --env LICENSE=accept \
   --env MQ_QMGR_NAME=QM1 \
@@ -58,11 +58,11 @@ You can customize the configuration in several ways:
 
 1. For getting started, you can use the [default developer configuration](developer-config.md), which is available out-of-the-box for the MQ Advanced for Developers image
 2. By creating your own image and adding your own MQSC file into the `/etc/mqm` directory on the image.  This file will be run when your queue manager is created.
-3. By using [remote MQ administration](http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_9.0.0/com.ibm.mq.adm.doc/q021090_.htm), via an MQ command server, the MQ HTTP APIs, or using a tool such as the MQ web console or MQ Explorer.
+3. By using [remote MQ administration](https://www.ibm.com/support/knowledgecenter/SSFKSJ_9.1.0/com.ibm.mq.adm.doc/q021090_.htm), via an MQ command server, the MQ HTTP APIs, or using a tool such as the MQ web console or MQ Explorer.
 
 Note that a listener is always created on port 1414 inside the container.  This port can be mapped to any port on the Docker host.
 
-The following is an *example* `Dockerfile` for creating your own pre-configured image, which adds a custom `config.mqsc` and an administrative user `alice`.  Note that it is not normally recommended to include passwords in this way:
+The following is an *example* `Dockerfile` for creating your own pre-configured image, which adds a custom MQ configuration file, and an administrative user `alice`.  Note that it is not normally recommended to include passwords in this way:
 
 ```dockerfile
 FROM ibmcom/mq
@@ -71,9 +71,9 @@ RUN useradd alice -G mqm && \
 COPY 20-config.mqsc /etc/mqm/
 ```
 
-Here is an example corresponding `20-config.mqsc` script from the [mqdev blog](https://www.ibm.com/developerworks/community/blogs/messaging/entry/getting_going_without_turning_off_mq_security?lang=en), which allows users with passwords to connect on the `PASSWORD.SVRCONN` channel:
+Here is an example corresponding `20-config.mqsc` script from the [mqdev blog](https://developer.ibm.com/messaging/2018/10/01/archives-getting-going-without-turning-off-ibm-mq-security/), which allows users with passwords to connect on the `PASSWORD.SVRCONN` channel:
 
-```
+```mqsc
 DEFINE CHANNEL(PASSWORD.SVRCONN) CHLTYPE(SVRCONN) REPLACE
 SET CHLAUTH(PASSWORD.SVRCONN) TYPE(BLOCKUSER) USERLIST('nobody') DESCR('Allow privileged users on this channel')
 SET CHLAUTH('*') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(NOACCESS) DESCR('BackStop rule')
@@ -82,10 +82,12 @@ ALTER AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
 REFRESH SECURITY TYPE(CONNAUTH)
 ```
 
+The file `20-config.mqsc` should be saved into the same directory as the `Dockerfile`.
+
 ## Running MQ commands
 It is recommended that you configure MQ in your own custom image.  However, you may need to run MQ commands directly inside the process space of the container.  To run a command against a running queue manager, you can use `docker exec`, for example:
 
-```
+```sh
 docker exec \
   --tty \
   --interactive \

incubating/Dockerfile-sfbridge

@@ -15,7 +15,7 @@
 FROM ubuntu:16.04
 
 # The URL to download the MQ installer from in tar.gz format
-ARG MQ_URL=https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev903_ubuntu_x86-64.tar.gz
+ARG MQ_URL=https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev911_ubuntu_x86-64.tar.gz
 
 # The MQ packages to install
 ARG MQ_PACKAGES="ibmmq-sfbridge"

incubating/mq-explorer/Dockerfile

@@ -15,7 +15,7 @@
 FROM ubuntu:16.04
 
 # The URL to download the MQ installer from in tar.gz format
-ARG MQ_URL=https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev903_ubuntu_x86-64.tar.gz
+ARG MQ_URL=https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev911_ubuntu_x86-64.tar.gz
 
 # The MQ packages to install
 ARG MQ_PACKAGES="ibmmq-explorer"

incubating/mq-golang-sdk/Dockerfile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ARG BASE_IMAGE=mq-sdk:9.0.5.0-x86_64-ubuntu-16.04
+ARG BASE_IMAGE=mq-sdk:9.1.1.0-x86_64-ubuntu-16.04
 
 FROM $BASE_IMAGE
 

incubating/mqadvanced-server-dev/Dockerfile

@@ -12,8 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-ARG BASE_IMAGE=mqadvanced-server-dev-base:9.0.5.0-x86_64-ubuntu-16.04
+ARG BASE_IMAGE=mqadvanced-server-dev-base:9.1.1.0-x86_64-ubuntu-16.04
-ARG BUILDER_IMAGE=mq-golang-sdk:9.0.5.0-x86_64-ubuntu-16.04
+ARG BUILDER_IMAGE=mq-golang-sdk:9.1.1.0-x86_64-ubuntu-16.04
 
 ###############################################################################
 # Build stage to build Go code

incubating/mqadvanced-server-dev/web/installations/Installation1/servers/mqweb/mqwebuser.xml

@@ -35,5 +35,6 @@
         </group>
     </basicRegistry>
     <variable name="httpHost" value="*"/>
+    <variable name="managementMode" value="externallyprovisioned"/>
     <include location="tls.xml"/>
 </server>

install-build-deps-ubuntu.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2015, 2018
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Install Docker and dep, required by build (assumes Ubuntu host, as used by Travis build)
+
+set -ex
+
+curl https://glide.sh/get | sh
+sudo curl -Lo /usr/local/bin/dep https://github.com/golang/dep/releases/download/v0.4.1/dep-linux-amd64
+sudo chmod +x /usr/local/bin/dep
+
+go get golang.org/x/lint/golint

install-mq.sh

@@ -139,7 +139,7 @@ rm -rf ${DIR_EXTRACT}
 
 # Apply any bug fixes not included in base Ubuntu or MQ image.
 # Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run
-$UBUNTU && apt-get install -y gcc-5-base gnupg gpgv libgcrypt20 libstdc++6 perl-base --only-upgrade
+$UBUNTU && apt-get install -y libapparmor1 libsystemd0 systemd systemd-sysv libudev1 --only-upgrade
 # End of bug fixes
 
 # Clean up cached files

internal/command/command.go

@@ -53,11 +53,13 @@ func RunCmd(cmd *exec.Cmd) (string, int, error) {
 // Do not use this function to run shell built-ins (like "cd"), because
 // the error handling works differently
 func Run(name string, arg ...string) (string, int, error) {
+	// #nosec G204
 	return RunCmd(exec.Command(name, arg...))
 }
 
 // RunAsMQM runs the specified command as the mqm user
 func RunAsMQM(name string, arg ...string) (string, int, error) {
+	// #nosec G204
 	cmd := exec.Command(name, arg...)
 	cmd.SysProcAttr = &syscall.SysProcAttr{}
 	uid, gid, err := LookupMQM()

internal/metrics/metrics.go

@@ -44,7 +44,7 @@ func GatherMetrics(qmName string, log *logger.Logger) {
 	err := startMetricsGathering(qmName, log)
 	if err != nil {
 		log.Errorf("Metrics Error: %s", err.Error())
-		StopMetricsGathering()
+		StopMetricsGathering(log)
 	}
 }
 
@@ -76,6 +76,7 @@ func startMetricsGathering(qmName string, log *logger.Logger) error {
 	http.Handle("/metrics", prometheus.Handler())
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(200)
+		// #nosec G104
 		w.Write([]byte("Status: METRICS ACTIVE"))
 	})
 
@@ -83,7 +84,7 @@ func startMetricsGathering(qmName string, log *logger.Logger) error {
 		err = metricsServer.ListenAndServe()
 		if err != nil && err != http.ErrServerClosed {
 			log.Errorf("Metrics Error: Failed to handle metrics request: %v", err)
-			StopMetricsGathering()
+			StopMetricsGathering(log)
 		}
 	}()
 
@@ -91,7 +92,7 @@ func startMetricsGathering(qmName string, log *logger.Logger) error {
 }
 
 // StopMetricsGathering stops gathering metrics for the queue manager
-func StopMetricsGathering() {
+func StopMetricsGathering(log *logger.Logger) {
 
 	if metricsEnabled {
 
@@ -101,6 +102,9 @@ func StopMetricsGathering() {
 		// Shutdown HTTP server
 		timeout, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 		defer cancel()
-		metricsServer.Shutdown(timeout)
+		err := metricsServer.Shutdown(timeout)
+		if err != nil {
+			log.Errorf("Failed to shutdown metrics server: %v", err)
+		}
 	}
 }

internal/metrics/update.go

@@ -62,6 +62,7 @@ func processMetrics(log *logger.Logger, qmName string) {
 				firstConnect = false
 				startChannel <- true
 			}
+			// #nosec G104
 			metrics, _ = initialiseMetrics(log)
 		}
 

manifests/dockerhub/manifest-9.1.1.yaml

@@ -0,0 +1,29 @@
+# © Copyright IBM Corporation 2018
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+image: ibmcom/mq:9.1.1.0
+manifests:
+  - image: ibmcom/mq:9.1.1.0-x86_64
+    platform:
+      architecture: amd64
+      os: linux
+  - image: ibmcom/mq:9.1.1.0-ppc64le
+    platform:
+      architecture: ppc64le
+      os: linux
+  - image: ibmcom/mq:9.1.1.0-s390x
+    platform:
+      architecture: s390x
+      os: linux
+

manifests/dockerhub/manifest-9.yaml

@@ -14,15 +14,15 @@
 
 image: ibmcom/mq:9
 manifests:
-  - image: ibmcom/mq:9.1.0.0-x86_64
+  - image: ibmcom/mq:9.1.1.0-x86_64
     platform:
       architecture: amd64
       os: linux
-  - image: ibmcom/mq:9.1.0.0-ppc64le
+  - image: ibmcom/mq:9.1.1.0-ppc64le
     platform:
       architecture: ppc64le
       os: linux
-  - image: ibmcom/mq:9.1.0.0-s390x
+  - image: ibmcom/mq:9.1.1.0-s390x
     platform:
       architecture: s390x
       os: linux

manifests/dockerhub/manifest-latest.yaml

@@ -14,15 +14,15 @@
 
 image: ibmcom/mq:latest
 manifests:
-  - image: ibmcom/mq:9.1.0.0-x86_64
+  - image: ibmcom/mq:9.1.1.0-x86_64
     platform:
       architecture: amd64
       os: linux
-  - image: ibmcom/mq:9.1.0.0-ppc64le
+  - image: ibmcom/mq:9.1.1.0-ppc64le
     platform:
       architecture: ppc64le
       os: linux
-  - image: ibmcom/mq:9.1.0.0-s390x
+  - image: ibmcom/mq:9.1.1.0-s390x
     platform:
       architecture: s390x
       os: linux

manifests/dockerstore/manifest-9.1.1.yaml

@@ -0,0 +1,29 @@
+# © Copyright IBM Corporation 2018
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+image: ibmcorp/mqadvanced-server-dev:9.1.1.0
+manifests:
+  - image: ibmcorp/mqadvanced-server-dev:9.1.1.0-x86_64
+    platform:
+      architecture: amd64
+      os: linux
+  - image: ibmcorp/mqadvanced-server-dev:9.1.1.0-ppc64le
+    platform:
+      architecture: ppc64le
+      os: linux
+  - image: ibmcorp/mqadvanced-server-dev:9.1.1.0-s390x
+    platform:
+      architecture: s390x
+      os: linux
+

mq-advanced-server-rhel/go-buildah.sh

@@ -18,6 +18,16 @@
 # Run the Go build script inside the Go container, mounting the source
 # directory in
 
+function usage {
+  echo "Usage: $0 TAG DevModeFlag"
+  exit 20
+}
+
+if [ "$#" -ne 2 ]; then
+  echo "ERROR: Invalid number of parameters"
+  usage
+fi
+
 readonly tag=$1
 readonly dev=$2
 

mq-advanced-server-rhel/install-mq-rhel.sh

@@ -19,6 +19,16 @@
 
 set -ex
 
+function usage {
+  echo "Usage: $0 MQContainer MountLocation ARCHIVENAME PACKAGES"
+  exit 20
+}
+
+if [ "$#" -ne 4 ]; then
+  echo "ERROR: Invalid number of parameters"
+  usage
+fi
+
 readonly ctr_mq=$1
 readonly mnt_mq=$2
 readonly archive=$3

mq-advanced-server-rhel/mq-buildah.sh

@@ -22,12 +22,34 @@
 set -x
 set -e
 
+function usage {
+  echo "Usage: $0 ARCHIVENAME PACKAGES TAG VERSION MQDevFlag"
+  exit 20
+}
+
+if [ "$#" -ne 5 ]; then
+  echo "ERROR: Invalid number of parameters"
+  usage
+fi
+
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
 
 readonly ctr_mq=$(buildah from rhel7)
+if [ -z "$ctr_mq" ]
+then
+  echo "ERROR: ctr_mq is empty. Check above output for errors"
+  exit 50
+fi
+
 readonly mnt_mq=$(buildah mount $ctr_mq)
+if [ -z "$mnt_mq" ]
+then
+  echo "ERROR: mnt_mq is empty. Check above output for errors"
+  exit 50
+fi
+
 readonly archive=downloads/$1
 readonly packages=$2
 readonly tag=$3
@@ -82,9 +104,11 @@ install --mode 0750 --owner 888 --group 888 ./NOTICES.txt ${mnt_mq}/opt/mqm/lice
 if [ "$mqdev" = "TRUE" ]; then
   OSTAG="mq messaging developer"
   DISNAME="IBM MQ Advanced Server Developer Edition"
+  PID="98102d16795c4263ad9ca075190a2d4d"
 else
   OSTAG="mq messaging"
   DISNAME="IBM MQ Advanced Server"
+  PID="4486e8c4cc9146fd9b3ce1f14a2dfc5b"
 fi
 
 buildah config \
@@ -102,6 +126,9 @@ buildah config \
   --label run="docker run -d -e LICENSE=accept --name ibm-mq ${tag%:*}" \
   --label summary="$DISNAME" \
   --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
+  --label IBM_PRODUCT_ID="$PID" \
+  --label IBM_PRODUCT_NAME="$DISNAME" \
+  --label IBM_PRODUCT_VERSION="$version" \
   --env AMQ_ADDITIONAL_JSON_LOG=1 \
   --env LANG=en_US.UTF-8 \
   --env LOG_FORMAT=basic \

mq-advanced-server-rhel/mq-golang-sdk-buildah.sh

@@ -18,19 +18,41 @@
 # Build a RHEL image for building Go programs which use MQ
 
 set -ex
+
+function usage {
+  echo "Usage: $0 ARCHIVENAME TAG"
+  exit 20
+}
+
+if [ "$#" -ne 2 ]; then
+  echo "ERROR: Invalid number of parameters"
+  usage
+fi
+
 readonly mq_archive=downloads/$1
 readonly tag=$2
 # Use plain RHEL 7 container
 # Note: Red Hat's devtools/go-toolset-7-rhel7 image doesn't allow use of 'root'
 # user required for installing the MQ SDK
 readonly ctr_mq=$(buildah from rhel7)
+if [ -z "$ctr_mq" ]
+then
+  echo "ERROR: ctr_mq is empty. Check above output for errors"
+  exit 50
+fi
+
 readonly mnt_mq=$(buildah mount $ctr_mq)
+if [ -z "$mnt_mq" ]
+then
+  echo "ERROR: mnt_mq is empty. Check above output for errors"
+  exit 50
+fi
 
 # Add mqm user
-groupadd --root $mnt_mq --system --gid 888 mqm
+sudo groupadd --root $mnt_mq --system --gid 888 mqm
-useradd --root $mnt_mq --system --uid 888 --gid mqm mqm
+sudo useradd --root $mnt_mq --system --uid 888 --gid mqm mqm
-usermod --root $mnt_mq -aG root mqm
+sudo usermod --root $mnt_mq -aG root mqm
-usermod --root $mnt_mq -aG mqm root
+sudo usermod --root $mnt_mq -aG mqm root
 
 # Enable Yum repository for "optional" RPMs, which is needed for "golang"
 buildah run ${ctr_mq} -- yum-config-manager --enable rhel-7-server-optional-rpms

mq-advanced-server-rhel/mqdev-buildah.sh

@@ -22,6 +22,16 @@
 set -x
 set -e
 
+function usage {
+  echo "Usage: $0 BASETAG TAG VERSION"
+  exit 20
+}
+
+if [ "$#" -ne 3 ]; then
+  echo "ERROR: Invalid number of parameters"
+  usage
+fi
+
 ###############################################################################
 # Setup MQ server working container
 ###############################################################################
@@ -30,7 +40,19 @@ set -e
 # Resulting image won't have yum, for example
 readonly basetag=$1
 readonly ctr_mq=$(buildah from $basetag)
+if [ -z "$ctr_mq" ]
+then
+  echo "ERROR: ctr_mq is empty. Check above output for errors"
+  exit 50
+fi
+
 readonly mnt_mq=$(buildah mount $ctr_mq)
+if [ -z "$mnt_mq" ]
+then
+  echo "ERROR: mnt_mq is empty. Check above output for errors"
+  exit 50
+fi
+
 readonly tag=$2
 readonly version=$3
 
@@ -74,6 +96,9 @@ buildah config \
   --label run="docker run -d -e LICENSE=accept --name ibm-mq-dev ${tag%:*}" \
   --label summary="IBM MQ Advanced Server Developer Edition" \
   --label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
+  --label IBM_PRODUCT_ID="98102d16795c4263ad9ca075190a2d4d" \
+  --label IBM_PRODUCT_NAME="IBM MQ Advanced Server Developer Edition" \
+  --label IBM_PRODUCT_VERSION="$version" \
   --env AMQ_ADDITIONAL_JSON_LOG=1 \
   --env LANG=en_US.UTF-8 \
   --env LOG_FORMAT=basic \